RE: services running in windows domain (winXP clients)

From: Burak Bayoglu (bayoglu_at_uekae.tubitak.gov.tr)
Date: 12/15/04

  • Next message: Marc Fossi: "SecurityFocus Microsoft Newsletter #219"
    To: "'Christos Triantafyllidis'" <ctria@physics.auth.gr>, <focus-ms@securityfocus.com>
    Date: Wed, 15 Dec 2004 11:16:54 +0200
    
    

    As far as I know, DCs only list the services on themselves and allow you to
    configure the services policy for these ones. Another alternative is
    that if you know the exact path where the executable of the trojan is
    placed, you can use "File System" to give "everyone - deny" rights to
    the file. You may need to create a dummy file on the DC to configure this
    setting. Or you can restrict the execution of this program using GP
    again. As a result the service will not be run by the client next time.
    As a better solution, you must use effective anti-virus software to
    protect against well-known trojan and virus programs.

    Burak BAYOGLU
    TUBITAK UEKAE
    Network Security
    Senior Researcher
    CISA, CISSP

    -----Original Message-----
    From: Christos Triantafyllidis [mailto:ctria@physics.auth.gr]
    Sent: Thursday, December 09, 2004 11:41 PM
    To: focus-ms@securityfocus.com
    Subject: services running in windows domain (winXP clients)

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Is there any way to allow only specific services to run at Win
    XP clients through domain group policy?

    The services rule in group policy allows configuring only the
    specified services.

    What if there is a Trojan (or any other unknown program for the
    server group policy) that adds a service in Windows XP? Can we
    possibly disable all services except the ones we want to run?

    Thanks,

    Christos Triantafyllidis

    - --
    PGP key : http://tassadar.physics.auth.gr/~ctria/pgp_public_key.asc
    MD5sum : *b426d395137af5d2a42c88840e131a5e pgp_public_key.asc*
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.6 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFBuMYsJmvANO7gN+YRAnZZAJ9G8ucOM6jNAXXHrKyP2tx04iky3gCeLe90
    /5QboRtTBNj5WOSr2xPyJHI=
    =0QDX
    -----END PGP SIGNATURE-----
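
The thread above notes that the services policy only configures services it already lists, so a newly added service has to be found before a file ACL or a GP execution restriction can target its path. The following is an added example, not part of the original messages: a PowerShell audit that reports services missing from an approved baseline along with their executable path. The function name `Find-UnapprovedService`, the baseline list and the sample records are assumptions constructed for illustration.

```powershell
# Added example: report services that are not on an approved baseline.
# Function name, baseline and sample records are constructed for illustration.
function Find-UnapprovedService {
    param(
        [Parameter(Mandatory)] [string[]] $Allowlist,
        # Records with Name, StartMode, State, PathName (as in Win32_Service).
        # Defaults to the services installed on the local machine.
        [object[]] $Services = (Get-CimInstance -ClassName Win32_Service)
    )
    foreach ($svc in $Services) {
        # -notcontains compares case-insensitively, like service names.
        if ($Allowlist -notcontains $svc.Name) {
            # PathName may be quoted and carry arguments; keep only the binary.
            # An unquoted path containing spaces is cut at the first space,
            # so check PathName as well before acting on Executable.
            $exe = if ($svc.PathName -match '^\s*"([^"]+)"') { $Matches[1] }
                   else { ($svc.PathName -split '\s+')[0] }
            [pscustomobject]@{
                Name       = $svc.Name
                StartMode  = $svc.StartMode
                State      = $svc.State
                Executable = $exe
                PathName   = $svc.PathName
            }
        }
    }
}

# Constructed baseline of service names the domain expects on a client.
$baseline = 'Dhcp', 'Dnscache', 'EventLog', 'LanmanWorkstation', 'W32Time'

# Constructed sample input so the example runs without querying a machine.
$sample = @(
    [pscustomobject]@{ Name = 'Dhcp'; StartMode = 'Auto'; State = 'Running'
        PathName = 'C:\WINDOWS\system32\svchost.exe -k netsvcs' }
    [pscustomobject]@{ Name = 'w32time'; StartMode = 'Auto'; State = 'Running'
        PathName = 'C:\WINDOWS\system32\svchost.exe -k netsvcs' }
    [pscustomobject]@{ Name = 'ExampleUpdater'; StartMode = 'Auto'; State = 'Running'
        PathName = '"C:\Documents and Settings\All Users\example.exe" -svc' }
)

# Only ExampleUpdater is reported; its Executable column is the path to restrict.
Find-UnapprovedService -Allowlist $baseline -Services $sample |
    Format-Table Name, StartMode, State, Executable -AutoSize
```

Omitting `-Services` audits the live services on the machine where the script runs.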


